US2011197253A1PendingUtilityA1

Method and System of Responding to Buffer Overflow Vulnerabilities

34
Assignee: COMODO SECURITY SOLUTIONS INCPriority: Feb 8, 2010Filed: Feb 8, 2010Published: Aug 11, 2011
Est. expiryFeb 8, 2030(~3.6 yrs left)· nominal 20-yr term from priority
Inventors:Egemen Tas
G06F 21/57G06F 21/554
34
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The application discloses a method of protecting a computer against buffer overflow attacks by creating a security policy based on information about the buffer overflow. This results in a dynamic and “on-the-fly” security policy that can be applied to an application to protect the computer. The application also discloses a method where the buffer overflow is reported to central server. The central server monitors the publisher to determine when a patch becomes available to remedy the problem. The server notifies the security software when a patch is available so that either the security software or computer user can download and install the patch.

Claims

exact text as granted — not AI-modified
1 . A method of responding to a buffer overflow comprising:
 a. Creating a security policy based on information obtained from a buffer overflow and   b. Applying the security policy to the application causing the buffer overflow   
     
     
         2 . A method according to  claim 1 , where the security policy restricts access to the file system for the application causing the buffer overflow. 
     
     
         3 . A method according to  claim 1 , where the security policy is created by security software protecting a computer where the buffer overflow occurred. 
     
     
         4 . A method according to  claim 1 , where the security policy is created by the security software based on the prior actions of the application causing the buffer overflow. 
     
     
         5 . A method according to  claim 4  where the application causing the buffer overflow is restricted from accessing files not previously accessed. 
     
     
         6 . A method according to  claim 5  where the application causing the buffer overflow is restricted from accessing registry entries not previously accessed. 
     
     
         7 . A method according to  claim 1  where the security policy is removed after a patch for the application causing the buffer overflow is installed. 
     
     
         8 . A method according to  claim 7  where the security policy is removed only if the patch information states that the patch corrects the buffer overflow. 
     
     
         9 . A method of responding to a buffer overflow comprising:
 a. Sending information about a buffer overflow to a server,   b. Checking a database to determine if a patch exists for the application causing the buffer overflow,   
     
     
         10 . A method according to  claim 9 , further comprising creating a security policy if a patch does not exist. 
     
     
         11 . A method according to  claim 9 , further comprising having a patch installed for the application causing the buffer overflow. 
     
     
         12 . A method according to  claim 9 , further comprising having the server monitor a website associated with the application causing the buffer overflow. 
     
     
         13 . A method according to  claim 12 , where security software is alerted when a patch becomes available. 
     
     
         14 . A method according to  claim 12 , where the server maintains a list of computers that have reported a buffer overflow. 
     
     
         15 . A method according to  claim 9 , further comprising having security software protecting a computer that experienced the buffer overflow monitor a website associated with the application causing the buffer overflow. 
     
     
         16 . further comprising having the server monitor a website associated with the application causing the buffer overflow. 
     
     
         17 . application's publisher's website patch installed for the application causing the buffer overflow. 
     
     
         18 . A system of responding to a buffer overflow vulnerability comprising:
 a. Security software protecting a computer that experienced a buffer overflow problem   b. A server   c. A database of patches   d. Means of a applying a patch after the server receives information about a buffer overflow vulnerability from the security software.   
     
     
         19 . A system according to  claim 18 , further comprising means of communicating with a website associated with an application that caused a buffer.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.